package com.xiannimei.service.oauth;

import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.SingleClientConnManager;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.CoreConnectionPNames;
import org.apache.http.params.HttpParams;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.xiannimei.BusinessException;

/**
 * 忽略证书的 org.apache.http.client.HttpClient
 * 
 * 2013-4-15 下午4:05:30
 * 
 * @author xinyuan.guo
 * 
 */
class HttpClientIgnorCerts extends DefaultHttpClient {
	static int E_INITHTTPCLIENT = 600205;

	final static Logger log = LoggerFactory.getLogger(DefaultHttpClient.class);

	public HttpClientIgnorCerts() {
		super(initCCM(), initParams());
	}

	private static HttpParams initParams() {
		HttpParams params = new BasicHttpParams();
		params.setParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, 1000);
		params.setParameter(CoreConnectionPNames.SO_TIMEOUT, 5000);
		return params;
	}

	private static SingleClientConnManager initCCM() {
		return new SingleClientConnManager(initRegistry());
	}

	public static SchemeRegistry initRegistry() {
		SSLSocketFactory sslSocketFactory = null;
		try {
			sslSocketFactory = initSSLSocketFactory();
		} catch (Exception e) {
			log.error("SSLSocketFactory init exception !", e);
			throw new BusinessException(E_INITHTTPCLIENT);
		}
		SchemeRegistry registry = new SchemeRegistry();
		registry.register(new Scheme("http", 80, sslSocketFactory));
		registry.register(new Scheme("https", 443, sslSocketFactory));
		return registry;
	}

	public static SSLSocketFactory initSSLSocketFactory() throws KeyManagementException, UnrecoverableKeyException,
			NoSuchAlgorithmException, KeyStoreException {
		X509HostnameVerifier verifier = new X509HostnameVerifier() {

			@Override
			public boolean verify(String arg0, SSLSession arg1) {
				return true;
			}

			@Override
			public void verify(String host, String[] cns, String[] subjectAlts) {}

			@Override
			public void verify(String host, X509Certificate cert) {}

			@Override
			public void verify(String host, SSLSocket ssl) {}
		};
		return new SSLSocketFactory(initSSLContext(), verifier);
	}

	private static SSLContext initSSLContext() throws NoSuchAlgorithmException, KeyManagementException {
		SSLContext sslcontext = SSLContext.getInstance("TLS");
		X509TrustManager tm = new X509TrustManager() {

			@Override
			public X509Certificate[] getAcceptedIssuers() {
				return null;
			}

			@Override
			public void checkServerTrusted(X509Certificate[] chain, String authType) {}

			@Override
			public void checkClientTrusted(X509Certificate[] chain, String authType) {}
		};
		sslcontext.init(null, new TrustManager[] { tm }, null);
		return sslcontext;
	}
}